Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. Wireshark allows the user to put the network interfaces that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just traffic addressed to one of the interface’s configured addresses and broadcast/multicast traffic.

However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all of the traffic traveling through the switch will necessarily be sent to the port on which the capture is being done, so capturing in promiscuous mode will not necessarily be sufficient to see all traffic on the network. Port mirroring or various network taps extend capture to any point on the network; simple passive taps are extremely resistant to malware tampering.
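The switching behaviour described above, as an added illustration that is not part of the original page and not Wireshark code: a toy learning switch with four ports (an assumption) forwards a short constructed conversation between three hosts while an analyzer sits on port 3. Without mirroring, the analyzer's promiscuous interface only receives frames the switch floods (broadcast and unknown-destination unicast); with port 0 mirrored to the analyzer's port, it also receives everything that enters or leaves port 0, but still not the traffic between the other two hosts. The MAC addresses and the frame sequence are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORTS        4   /* toy switch with four ports (assumption) */
#define FDB_SIZE     16  /* forwarding-database capacity */
#define CAPTURE_PORT 3   /* port the analyzer is plugged into */
#define FRAME_COUNT  7

typedef struct { uint8_t mac[6]; int port; bool used; } fdb_entry;

typedef struct {
    fdb_entry fdb[FDB_SIZE];
    int mirror_src;  /* monitored port (-1 = no mirroring) */
    int mirror_dst;  /* port that receives the copies */
} toy_switch;

/* Constructed sample addresses (locally administered, not real hosts). */
static const uint8_t MAC_A[6]     = {0x02, 0, 0, 0, 0, 0x0a};
static const uint8_t MAC_B[6]     = {0x02, 0, 0, 0, 0, 0x0b};
static const uint8_t MAC_C[6]     = {0x02, 0, 0, 0, 0, 0x0c};
static const uint8_t MAC_BCAST[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

void switch_init(toy_switch *sw)
{
    memset(sw, 0, sizeof *sw);
    sw->mirror_src = sw->mirror_dst = -1;
}

static int fdb_lookup(const toy_switch *sw, const uint8_t mac[6])
{
    for (int i = 0; i < FDB_SIZE; i++)
        if (sw->fdb[i].used && memcmp(sw->fdb[i].mac, mac, 6) == 0)
            return sw->fdb[i].port;
    return -1;
}

/* Source-address learning: remember which port a station was seen on. */
static void fdb_learn(toy_switch *sw, const uint8_t mac[6], int port)
{
    int slot = -1;
    for (int i = 0; i < FDB_SIZE; i++) {
        if (sw->fdb[i].used && memcmp(sw->fdb[i].mac, mac, 6) == 0) { slot = i; break; }
        if (!sw->fdb[i].used && slot < 0) slot = i;  /* remember a free slot */
    }
    if (slot < 0) return;                             /* table full: give up */
    memcpy(sw->fdb[slot].mac, mac, 6);
    sw->fdb[slot].port = port;
    sw->fdb[slot].used = true;
}

/* Forward one frame; returns a bitmask of the ports it is emitted on. */
unsigned switch_forward(toy_switch *sw, int in_port,
                        const uint8_t dst[6], const uint8_t src[6])
{
    unsigned out = 0;
    fdb_learn(sw, src, in_port);
    /* Group bit set means broadcast/multicast: always flooded. */
    int known = (dst[0] & 1) ? -1 : fdb_lookup(sw, dst);
    if (known >= 0) {
        if (known != in_port) out |= 1u << known;     /* unicast to a learned station */
    } else {
        for (int p = 0; p < PORTS; p++)               /* unknown destination: flood */
            if (p != in_port) out |= 1u << p;
    }
    /* Port mirroring: copy ingress and egress of the monitored port. */
    if (sw->mirror_src >= 0 && sw->mirror_dst != in_port &&
        (in_port == sw->mirror_src || (out & (1u << sw->mirror_src))))
        out |= 1u << sw->mirror_dst;
    return out;
}

/* Replay a constructed conversation and count frames reaching CAPTURE_PORT. */
int frames_seen_by_capture(bool mirror_port0)
{
    toy_switch sw;
    switch_init(&sw);
    if (mirror_port0) { sw.mirror_src = 0; sw.mirror_dst = CAPTURE_PORT; }
    const struct { int in; const uint8_t *src, *dst; } frames[FRAME_COUNT] = {
        {0, MAC_A, MAC_BCAST}, /* ARP request from A: flooded to every port */
        {1, MAC_B, MAC_A},     /* reply: A already learned on port 0 */
        {0, MAC_A, MAC_B},
        {0, MAC_A, MAC_C},     /* C not yet learned: flooded */
        {2, MAC_C, MAC_A},
        {0, MAC_A, MAC_C},
        {1, MAC_B, MAC_C},     /* B<->C never touches port 0 */
    };
    int seen = 0;
    for (int i = 0; i < FRAME_COUNT; i++)
        if (switch_forward(&sw, frames[i].in, frames[i].dst, frames[i].src) & (1u << CAPTURE_PORT))
            seen++;
    return seen;
}

int main(void)
{
    printf("promiscuous only:     %d of %d frames\n", frames_seen_by_capture(false), FRAME_COUNT);
    printf("with port 0 mirrored: %d of %d frames\n", frames_seen_by_capture(true), FRAME_COUNT);
    return 0;
}
```

The two counts make the point concrete: the analyzer sees 2 of 7 frames with promiscuous mode alone and 6 of 7 once port 0 is mirrored, and the one it still misses is the unicast exchange between the two unmonitored hosts. A tap or a mirror of every port of interest, not promiscuous mode by itself, is what gives full visibility on a switched segment.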

# The NCP dissector was susceptible to a number of problems, including buffer overflows and an infinite loop. (Bug 2675) Versions affected: 0.9.7 to 1.0.2
# Wireshark could crash while uncompressing zlib-compressed packet data. (Bug 2649) Versions affected: 0.10.14 to 1.0.2
# Wireshark could crash while reading a Tektronix .rf5 file. Versions affected: 0.99.6 to 1.0.2
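The first advisory names the two defect classes that recur in protocol dissectors, a buffer overflow and an infinite loop. The following added example is not the NCP dissector's code or any Wireshark code; it is a generic record walker for an assumed layout of [type:1][length:2, big-endian, counting the header][value] that shows the checks a dissector needs so that a hostile length field can neither read or write past the packet buffer nor stall the loop. The sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_HDR_LEN 3   /* 1-byte type + 2-byte big-endian total length (assumed layout) */

enum dissect_status {
    DISSECT_OK = 0,
    DISSECT_TRUNCATED,    /* header or value runs past the end of the buffer */
    DISSECT_NO_PROGRESS,  /* length smaller than its own header: loop would spin */
    DISSECT_TOO_MANY      /* more records than the caller can hold */
};

typedef struct {
    uint8_t        type;
    const uint8_t *value;      /* points into the caller's buffer, no copy */
    size_t         value_len;
} tlv_record;

/* Walk a buffer of records, each [type:1][len:2 BE][value:len-3]. */
enum dissect_status dissect_tlv(const uint8_t *buf, size_t buflen,
                                tlv_record *out, size_t max_out, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (off < buflen) {
        size_t remaining = buflen - off;

        /* 1. Never read the length field itself from past the end. */
        if (remaining < TLV_HDR_LEN)
            return DISSECT_TRUNCATED;
        size_t len = ((size_t)buf[off + 1] << 8) | buf[off + 2];

        /* 2. A record must cover at least its own header; a length of 0
              would leave off unchanged and the loop would never finish. */
        if (len < TLV_HDR_LEN)
            return DISSECT_NO_PROGRESS;

        /* 3. Compare against what remains instead of computing off + len,
              so an oversized length cannot overrun the buffer or wrap. */
        if (len > remaining)
            return DISSECT_TRUNCATED;

        /* 4. Bound the record count: hostile input must not drive an
              unbounded number of allocations or iterations. */
        if (*count >= max_out)
            return DISSECT_TOO_MANY;

        out[*count].type      = buf[off];
        out[*count].value     = buf + off + TLV_HDR_LEN;
        out[*count].value_len = len - TLV_HDR_LEN;
        (*count)++;
        off += len;   /* len >= TLV_HDR_LEN, so the loop always advances */
    }
    return DISSECT_OK;
}

/* Constructed sample inputs: one well-formed, three malformed. */
static const uint8_t SAMPLE_GOOD[]      = {0x01, 0x00, 0x05, 'h', 'i', 0x02, 0x00, 0x03};
static const uint8_t SAMPLE_ZERO_LEN[]  = {0x01, 0x00, 0x00, 0xaa};   /* length 0 */
static const uint8_t SAMPLE_OVERRUN[]   = {0x01, 0x00, 0x10, 0x41};   /* claims 16 bytes */
static const uint8_t SAMPLE_SHORT_HDR[] = {0x01, 0x00};               /* header cut off */

int main(void)
{
    tlv_record rec[8];
    size_t n;
    enum dissect_status st = dissect_tlv(SAMPLE_GOOD, sizeof SAMPLE_GOOD, rec, 8, &n);
    printf("well-formed:        status %d, %zu records\n", st, n);
    st = dissect_tlv(SAMPLE_ZERO_LEN, sizeof SAMPLE_ZERO_LEN, rec, 8, &n);
    printf("zero-length record: status %d\n", st);
    st = dissect_tlv(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, rec, 8, &n);
    printf("oversized length:   status %d\n", st);
    st = dissect_tlv(SAMPLE_SHORT_HDR, sizeof SAMPLE_SHORT_HDR, rec, 8, &n);
    printf("truncated header:   status %d\n", st);
    return 0;
}
```

Each check maps to one way a dissector goes wrong on crafted input: checks 1 and 3 are the out-of-bounds reads and writes behind a buffer overflow, check 2 is the zero-length record that produces an infinite loop, and check 4 keeps a single packet from exhausting memory. Returning a status instead of aborting lets the caller mark the packet malformed and carry on with the rest of the capture, which is the behaviour an analyzer should have when fed untrusted traffic.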